Help Maybe infected
#11
  • Step 2
    • Please download Malwarebytes' Anti-Malware 'here'.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to 'Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware', then click 'Finish'.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Full Scan', then click 'Scan'. The scan may take some time to finish, so please be patient.
    • When the scan is complete, click 'OK', then 'Show Results' to view the results.
    • Make sure that everything is checked, and click 'Remove Selected'.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
    • The log is automatically saved by Malwarebytes' Anti-Malware and can be viewed by clicking the 'Logs' tab in the interface.
    • Copy and paste the entire report in your next reply.
  • Step 3

    Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
    • Double-click esetsmartinstaller_enu.exe to execute the program.
    • Tick 'YES, I accept the Terms of Use'.
    • Click 'Start'.
    • If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
    • Database download may take some time.
    • When done, make sure that the option 'Remove found threats' is ticked. Under 'Advanced Settings', please put a check on the following options:
      • Scan for potentially unwanted applications
      • Enable Anti-Stealth Technology
    • Click 'Start'.
    • Wait for the scan to finish.
    • Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.
  • Step 4

    Download DDS.scr by sUBs from one of the following links and save it to your Desktop.

    'Link 1'
    'Link 2'
    • Double-click on DDS.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear, DDS.txt and Attach.txt.
    • A window will open instructing you to save and post the logs. Save the logs to a convenient place such as your Desktop.
    • Copy the contents of both logs and post in your next reply.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
    • ESET Scan Log
    • Malwarebytes' Anti-Malware Scan Log
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply
#12
Step 2
Problems Encountered:
None
Step 3
Problems Encountered:
None
Step 4
Problems Encountered:
None
Link To Requested Logs:
HijackThisLog
DDSLog
AttachLog
ESET Scan Log
MalwareBytes' Anti-Malware Scan Log
Reply
#13
  • Step 5

    System Restore maintains a backup of your programs; however, it may also back up infections, therefore constant flushing is required to create a clean Restore Point.

    1. On the Desktop, right-click My Computer > Properties > System Restore tab.
    2. Check Turn off System Restore.
    3. Click Apply > Yes.
    4. Please wait a few moments to let it clear.
    5. After doing so, remove the check from Turn off System Restore.
    6. Click Apply > OK.
    7. System Restore will be working again and will have a new Restore Point.
  • Step 6

    My analysis shows me that you have Ask Toolbar installed in your system.

    I strongly recommend you remove the program from your system for the following reasons:
    • It promotes its toolbars on sites targeted at kids.
    • It promotes its toolbars through ads that appear to be part of other companies' sites.
    • It promotes its toolbars through other companies' spyware.
    • It is installed without any disclosure whatsoever and without any consent from the user whatsoever thereby considering it as foistware.
    • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
    • It makes confusing changes to users' browsers - increasing Ask Toolbar's revenues while taking users to pages they didn't intend to visit.

    You can view more of that from 'this' site. Another recommended read would be 'this' article.

    Now, in accordance with these facts, I will present to you the proper way of removal.
    • Click Start > Control Panel > Add or Remove Programs.
    • Locate and select AskBarDis or Ask Toolbar on the list and click the Remove button.
    • Follow the on-screen steps which concern the removal.
    • Now delete the following folder C:\Program Files\AskBarDis or C:\Program Files\AskToolbar and empty your Recycle Bin.
  • Step 7

    Looking at your log, I have seen that you have the program(s) below installed. I highly suggest a removal through Add or Remove Programs or Programs and Features. I am asking you this for I have seen negative feedback from users. Should the program(s) in question be utterly clean, no such comment should be seen. Take this as a precautionary measure. Better safe than sorry.

    The list below shows the program(s) with poor or flawed reputation that you currently have installed in your system:
    • DVDVideoSoftTB Toolbar
    • Messenger Plus! Live
    • MyShoppingGenie
    • Registry Reviver

    Please respond back if you encounter difficulties uninstalling the program(s).
  • Step 8

    Please run HijackThis as Administrator. Click 'Do a system scan only' and place a check next to the following line(s) if present:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf&s={searchTerms}&f=4
    O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')


    Then, close all other open windows and click 'Fix Checked'. You are to reboot your system afterwards.
  • Step 9

    Please download the OTM File Mover from 'here'. Please click the Go (Arrow Button) or press Enter in the URL address bar to start the download.
    • Save it to your Desktop.
    • Please double-click OTM.exe to run it.
    • Copy the lines inside the Code box below to the Clipboard by highlighting all of the content and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      explorer.exe

      :Files
      c:\windows\system32\roboot.exe

      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTM, right-click in the Paste Instructions for Items to be Moved window and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window to the Clipboard by highlighting all of the content and by pressing CTRL + C (or, after highlighting, right-click and choose Copy).
    • Paste it in your next reply.
    • Close OTM.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad) and click File > Open. In the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present. Copy and paste the contents of that document back here in your next post.
  • In your next post, please provide the following:
    • A Fresh HijackThis (HJT) Log
    • Deckard's System Scanner (DDS) Logs
      • DDS.txt
      • Attach.txt
  • Format of Response

    Code:
    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Step #[/b][/color]
    [color=#FFD700][b]Problems Encountered:[/b][/color]

    [color=#00BFFF][b]Link To Requested Logs:[/b][/color]
Reply
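The Step 8 list in the post above mixes BHO (O2), toolbar (O3) and autorun (O4) lines. As an added example (not part of the original post and not code from HijackThis), this Python sketch parses such lines, pairs O2/O3 entries that share a CLSID, and collects entries HijackThis itself marks as `(no file)` or `(file missing)` or that have an empty value name; the "stale" label and the function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the Step 8 list in the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O4 - HKCU\..\Run: [mnumsg.exe] C:\Program Files\MyShoppingGenie\mnumsg.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
"""

# O2/O3: "<type> - <label>: <name> - {CLSID} - <dll path or marker>"
COM_RE = re.compile(r"^(O2|O3) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O4: "O4 - <hive>\..\Run[Once]: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run(?:Once)?): \[(.*?)\] ?(.*)$")

def parse(log):
    """Return one dict per O2/O3/O4 line; other line types are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := COM_RE.match(line):
            kind, name, clsid, target = m.groups()
            # "stale" (this example's label): HijackThis reports the DLL as absent.
            stale = target.endswith(("(no file)", "(file missing)"))
            entries.append({"kind": kind, "name": name, "clsid": clsid.upper(),
                            "target": target, "stale": stale})
        elif m := RUN_RE.match(line):
            hive, key, name, target = m.groups()
            # An autorun value with an empty name is treated as stale here.
            entries.append({"kind": "O4", "hive": hive, "key": key,
                            "name": name, "target": target, "stale": name == ""})
    return entries

def review(entries):
    """Return (CLSIDs registered as both BHO and toolbar, stale entries)."""
    kinds_by_clsid = defaultdict(set)
    for e in entries:
        if "clsid" in e:
            kinds_by_clsid[e["clsid"]].add(e["kind"])
    paired = sorted(c for c, k in kinds_by_clsid.items() if k == {"O2", "O3"})
    return paired, [e for e in entries if e["stale"]]

if __name__ == "__main__":
    paired, stale = review(parse(SAMPLE))
    print("BHO+toolbar pairs:", paired)
    for e in stale:
        print("stale:", e["kind"], e["name"] or "(empty name)", "->", e["target"])
```
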
#14
When I tried to do the system restore step I got this:

Picture of problem

What do I do now? I'm the only user on this computer, and it's a family computer in the living room, not part of a work network or anything.
Reply
#15
That's what system restore does, it goes back in time (reverses) the bad effects on your computer to a cleaner state.
Reply
#16
(04-01-2011, 12:07 PM)Infinity Wrote: That's what system restore does, it goes back in time (reverses) the bad effects on your computer to a cleaner state.

Yeah, I know that, but I'm meant to check and uncheck that box with "turn off system restore"

If you look at the picture, it won't allow me to do so. What do I do now is the question
Reply
#17
(04-01-2011, 12:17 PM)Veran Wrote: Yeah, I know that, but I'm meant to check and uncheck that box with "turn off system restore"

If you look at the picture, it won't allow me to do so. What do I do now is the question

Enable it in your group policy

Run > gpedit.msc
Reply
#18
Step 5
Problems Encountered:
None apart from having to remove restrictions due to group policy
Step 6
Problems Encountered:
None
Step 7
Problems Encountered:
None
Link To Requested Logs:
OTM Log
Fresh HijackThis Log
DDSLog
AttachLog
Reply
#19
Things are looking good. How is your system performing?

(04-01-2011, 12:26 PM)Infinity Wrote: Enable it in your group policy

Run > gpedit.msc

Thank you, Infinity. :)
Reply
#20
(04-01-2011, 05:56 PM)Quintus Wrote: Things are looking good. How is your system performing?

Thank you, Infinity. :)

No problem :) I know I can't help out with the logs, but I can help with smaller things like that.
Reply

